Zeek In Action, Video 12, zeek2es

In this video, Keith Jones (Sr. Security Researcher, Corelight) introduces a simple Python program written to help you take your Zeek ASCII tab-delimited files and make them full-text searchable with ElasticSearch+Kibana (or OpenSearch, if you prefer). If you don’t...

Zeek in Action, Video 11, Using Spicy Driver

In this video, Keith Jones (Sr. Security Researcher, Corelight) builds on a previous Zeek in Action video and shows how you can use spicy-driver to quickly debug (and improve!) the RADIUS code we built in that prior video. Link to Slides If you would like to follow...

Detecting the Facefish Linux Rootkit with Zeek

Introduction: In April 2021, Juniper Networks reported on a new Linux rootkit designed to steal SSH credentials from Linux servers. A month later, Netlab 360 published a deeper analysis of the same rootkit, which they named “Facefish”. Both reports provide enough...